Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1635 | 2 Drupal, Rik De Boer | 2 Drupal, Revisioning | 2025-04-11 | N/A |
| The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content. | ||||
| CVE-2012-6119 | 3 Candlepinproject, Redhat, Rhel Sam | 3 Candlepin, Subscription Asset Manager, 1.2 | 2025-04-11 | N/A |
| Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. | ||||
| CVE-2013-1287 | 1 Microsoft | 7 Windows 7, Windows 8, Windows Server 2003 and 4 more | 2025-04-11 | N/A |
| The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286. | ||||
| CVE-2012-0326 | 2 Google, Tetsuya Aoyama | 2 Android, Twicca | 2025-04-11 | N/A |
| The twicca application 0.7.0 through 0.9.30 for Android does not properly restrict the use of network privileges, which allows remote attackers to read media files on an SD card via a crafted application. | ||||
| CVE-2011-4692 | 2 Apple, Google | 3 Safari, Webkit, Chrome | 2025-04-11 | N/A |
| WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. | ||||
| CVE-2010-1066 | 1 The-ghost | 1 Ar Web Content Manager | 2025-04-11 | N/A |
| AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php. | ||||
| CVE-2011-4688 | 1 Mozilla | 1 Firefox | 2025-04-11 | N/A |
| Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. | ||||
| CVE-2011-4681 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as demonstrated by the .no or .uk domain. | ||||
| CVE-2010-1065 | 1 Lebisoft | 1 Ziyaretci Defteri | 2025-04-11 | N/A |
| Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb. | ||||
| CVE-2011-1717 | 1 Skype | 1 Skype For Android | 2025-04-11 | N/A |
| Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information. | ||||
| CVE-2012-0322 | 2 Estrongs, Google | 2 Es File Explorer, Android | 2025-04-11 | N/A |
| The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function. | ||||
| CVE-2010-0984 | 1 Acidcat | 1 Acidcat Cms | 2025-04-11 | N/A |
| Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb. | ||||
| CVE-2011-4659 | 1 Cisco | 2 Ip Video Phone E20, Telepresence E20 Software | 2025-04-11 | N/A |
| Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555. | ||||
| CVE-2010-0977 | 1 Pordus | 1 Pd Portal | 2025-04-11 | N/A |
| PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. | ||||
| CVE-2011-1022 | 2 Balbir Singh, Redhat | 2 Libcgroup, Enterprise Linux | 2025-04-11 | N/A |
| The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message. | ||||
| CVE-2013-5383 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | N/A |
| IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382. | ||||
| CVE-2010-0978 | 1 Kmsoft | 1 Guestbook | 2025-04-11 | N/A |
| KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. | ||||
| CVE-2010-0965 | 1 Jevci.net | 1 Jevci Siparis Formu Scripti | 2025-04-11 | N/A |
| Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb. | ||||
| CVE-2012-5444 | 1 Cisco | 2 Telepresence Video Communication Server, Telepresence Video Communication Servers Software | 2025-04-11 | N/A |
| Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989. | ||||
| CVE-2010-0939 | 1 Visialis | 1 Abb Forum | 2025-04-11 | N/A |
| Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb. | ||||